<?php
/*
Plugin Name: Hide Dashboard
Plugin URI: http://www.deepwave.net/articles/hide_dashboard/
Description: Hide Dashboard from non-Administrators
Author: Patrick Khoo
Author URI: http://www.deepwave.net/
Version: 1.3
*/
/*
Introduction
Well, it hides the Dashboard for all non-Administrators, and can optionally
block access to the dashboard by URL on the Location bar. You can also
allow Authors and Editors access to the dashboard and other admin section
pages if needed.

Installation
1. Copy the file hide-dashboard.php to your WordPress plugins directory.
2. Login to WordPress as Administrator, go to Plugins and Activate it.
3. Login as a non-Administrator and you should immediately be redirected
   to your account Profile page instead of the Dashboard
4. Add the "Hide Dashboard Meta" Widget to your Widget-enabled Sidebar
   instead of the default "Meta" Widget

Credits
Thanks go to Isaac Greenspan (http://2718.us/blog/) for demonstrating the
method to block access to the Dashboard via the location bar and help in
debugging the code.

ChangeLog
Version: 1.3 - 2008-09-15
* Fixed misleading settings of "Force Profile Page" and "Allow Authors/Editors" in Hide Dashboard Options - Now, things should be clearer, and things should work the way you expect it to work, duh! :)
* Modified code to allow one to safely use both "Force Profile Page" and "Allow Authors/Editors to See Dashboard" at the same time.
* Better checking in URL paths for "Force Profile Page" option.
* Modified Widget and Default Login URLs to redirect editors/authors to "Manage Posts" page instead of "Profile" page. Administrators continue to be redirected to "Site Admin" aka "Dashboard".
* Clean up code.

Version: 1.2 - 2008-08-23
* Added option to block access to the Dashboard directly by keying in
the URL in the location bar of their browser. Note: This needs PHP Ouput
Buffering to be turned _ON_ in order to work.
* Added option to allow Authors and Editors (user_level 2 and above) to
see the Dashboard and other Admin section pages.

Version: 1.1 - 2007-11-11
* Added Hide Dashboard Meta widget for widget enabled Sidebars to totally
  hide Dashboards from Subscribers. Subscribers accessing the site Meta
  through this widget are taken straight to their Profile page, so they
  never see the Dashboard.

Version: 1.0 - 2007-01-05
* Initial Release

Copyright (c) 2007-2008 Patrick Khoo. All rights reserved.
*/

function dw_hd_menu_add() {
	// Add Hide Dashboard Options Menu
	if (function_exists('add_submenu_page')) {
		add_submenu_page('plugins.php', 'Hide Dashboard', 'Hide Dashboard', 'level_10', 'dw_hidedash', 'dw_hd_menu');
	}
	return;
}

function dw_hd_menu() {
	// Hide Dashboard Options Page
	echo "<div class=\"wrap\">\n";
	echo "<h2>Hide Dashboard</h2><br/>\n";
	if ( preg_match('/Save Options/', $_POST['submit']) ) {
		echo "<div id=\"message\" class=\"updated fade\"><p><strong>Hide Dashboard Options Saved</strong></p></div><br/>";
		$new_options = array(
			'really_hide' => $_POST["really_hide"],
			'allow_authed' => $_POST["allow_authed"]
		);
		update_option("dw_hidedash_options", $new_options);
		}

	$options = get_option('dw_hidedash_options');
	?>
	<form action="" method="post" id="dw_hidedash">
		<input type="checkbox" id="really_hide" name="really_hide" value="true" <?php if ($options['really_hide'] == 'true') { echo 'checked="true"'; } ?> /> <strong>Force Profile Page Only</strong><br/>
		This option prevents Subscibers and other users (less than level_2) from accessing the dashboard (or other parts of the admin section) directly by keying in the URL in the location bar of their browser.
		Note that your PHP installation must have Output Buffering turned <u>ON</u> for this to work! (<code>output_buffering = On</code> in php.ini)<br/>
			&nbsp;<br/>
		<input type="checkbox" id="allow_authed" name="allow_authed" value="true" <?php if ($options['allow_authed'] == 'true') { echo 'checked="true"'; } ?> /> <strong>Allow Authors and Editors to See Dashboard</strong><br/>
		This option will allow Authors and Editors (user_level 2 and above) to see the Dashboard.<br/>
		<p class="submit"><input type="submit" name="submit" value="Save Options &raquo;"/></p>
	</form>
	</div>
	<?php
	return true;
}

function dwpage_restrict_adminhead() {
	global $submenu, $menu;
	if (current_user_can('level_10')) {
		// We never modify Administrator Stuff
		return;
	}
	$options = get_option('dw_hidedash_options');  // Get Options
	$destpage = get_option('siteurl') . '/wp-admin/profile.php';
	$lvltwouser = false;
	if (current_user_can('level_2')) {
		// This is a level_2 user
		if ($options['allow_authed']) {
			// Allow level_2 user to see Dashboard - treat like Administrator
			return;
		}
		$destpage = get_option('siteurl') . '/wp-admin/edit.php';
		$lvltwouser = true;
	}
	// Hide Dashboard for all users
	unset($menu[0]); // hide dashboard
	unset($menu[35]); // hide Users or Profile
	unset($submenu['profile.php']);
	// Do we need to force Hide Dashboard?
	if (!$options['really_hide']) {
		// Nope - We're Done
		return;
	}
	// Yes - Really Force Profile Page using Output Buffering Technique
	// **** REMEMBER: This Needs Output Buffering in PHP to Work! ****
	$rightstr = strstr($_SERVER['REQUEST_URI'], '/wp-admin');
	if ($rightstr === FALSE) {
		// IGNORE - This is _NOT_ Admin Area
		return;
	}
	// Is this the Dashboard itself?
	$mypos = strpos($rightstr, '/wp-admin/index.php');
	if (($mypos !== FALSE) || (strlen($rightstr) < 11)) {
		// This is Dashboard Page (Specifically)
		// If string length is less than 11, it is probably '/wp-admin/' or equivalent? or something else?
		wp_safe_redirect($destpage);
		return;
	}
	if ($lvltwouser) {
		// This is a level_2 user, stop here - allow other Admin Pages to go through
		return;
	}
	$mypos = strpos($rightstr, '/wp-admin/profile.php');
	if (($mypos === FALSE) || ($mypos > 0)) {
		// _NOT_ Profle Page
		// If mypos > 0, meaning this is _NOT_ at the beginning of the string? Hacking attempt?
		wp_safe_redirect($destpage);
		return;
	}
	return;
}

function dwlogin_redirect($link) {
	// Modify the Links in wp_register() function
	if (current_user_can('level_10')) {
		// We never modify Administrator Stuff
		return $link;
	}
	$options = get_option('dw_hidedash_options');  // Get Options
	if (current_user_can('level_2')) {
		// This is a level_2 user
		if ($options['allow_authed']) {
			// Allow level_2 user to see Dashboard - treat like Administrator
			return $link;
		}
		// Hide Dashboard for level_2 user
		$link = preg_replace("/Site Admin/", "Edit Posts", $link);
		$link = preg_replace("/\/wp-admin\//","/wp-admin/edit.php",$link);
		return $link;
	}
	// Less than level_2 user - Hide Dashboard from this User
	$link = preg_replace("/Site Admin/", "My Profile", $link);
	$link = preg_replace("/\/wp-admin\//","/wp-admin/profile.php",$link);
	return $link;
}

function dwsidebar_meta($args) {
	extract ($args);
	global $user_identity , $user_email;
	$options = get_option('dw_hidedash_options');
	echo $before_widget;
	echo $before_title . $options['title'] . $after_title;

	if (is_user_logged_in()) {
		// User Already Logged In
		get_currentuserinfo();  // Usually someone already did this, right?
		printf('Welcome, <u><b>%s</b></u> (%s)!<br />Options: &nbsp;',$user_identity,$user_email);

		// Default Strings
		$link_string_site = "<a href=\"".get_bloginfo('wpurl')."/wp-admin/index.php\" title=\"".__('Site Admin')."\">".__('Site Admin')."</a>&nbsp;&nbsp;|&nbsp;&nbsp;";
		$link_string_logout = "<a href=\"".get_bloginfo('wpurl')."/wp-login.php?action=logout&amp;redirect_to=".$_SERVER['REQUEST_URI']."\" title=\"".__('Logout')."\">".__('Logout')."</a>";
		$link_string_edit = "<a href=\"".get_bloginfo('wpurl')."/wp-admin/edit.php\" title=\"".__('Edit Posts')."\">".__('Edit Posts')."</a>&nbsp;&nbsp;|&nbsp;&nbsp;";
		$link_string_profile = "<a href=\"".get_bloginfo('wpurl')."/wp-admin/profile.php\" title=\"".__('My Profile')."\">".__('My Profile')."</a>&nbsp;&nbsp;|&nbsp;&nbsp;";

		// Administrator?
		if (current_user_can('level_10')) {
			echo $link_string_site;
			echo $link_string_logout;
			echo $after_widget;
			return;
		}

		// level_2?
		if (current_user_can('level_2')) {
			if ($options['allow_authed']) {
				// Allow level_2 user to see Dashboard - treat like Administrator
				echo $link_string_site;
				echo $link_string_logout;
				echo $after_widget;
				return;
			}
			// Hide Dashboard for level_2 user
			echo $link_string_edit;
			echo $link_string_logout;
			echo $after_widget;
			return;
		}

		// Less than level_2 user - Hide Dashboard from this User
		echo $link_string_profile;
		echo $link_string_logout;
		echo $after_widget;
		return;
	}

	// User _NOT_ Logged In
	echo "<a href=\"".get_bloginfo('wpurl')."/wp-login.php?action=register&amp;redirect_to=".$_SERVER['REQUEST_URI']."\" title=\"".__('Register')."\">".__('Register')."</a>&nbsp;&nbsp;|&nbsp;&nbsp;";
	echo "<a href=\"".get_bloginfo('wpurl')."/wp-login.php?action=login&amp;redirect_to=".$_SERVER['REQUEST_URI']."\" title=\"".__('Login')."\">".__('Login')."</a>";
	echo $after_widget;
	return;
}

function dwsidebar_meta_control () {
	$options = get_option('dw_hidedash_options');
	if ( $_POST['dwhd_submit'] ) {
		$options['title'] = strip_tags(stripslashes($_POST['dwhd_title']));
		update_option('dw_hidedash_options', $options);
	}
	$title = wp_specialchars($options['title']);
	?>
	<p style="text-align: center">
		<input type="hidden" name="dwhd_submit" id="dwhd_submit" value="1" />
		<label for="dwhd_title"><?php _e('Title:'); ?> <input type="text" id="dwhd_title" name="dwhd_title" value="<?php echo $title; ?>" /></label>
	</p>
	<?php
	return;
}

function dw_plugin_init() {
	register_sidebar_widget('Hide Dashbar Meta', 'dwsidebar_meta');
	register_widget_control('Hide Dashbar Meta', 'dwsidebar_meta_control');
	return;
}

add_action('admin_menu', 'dw_hd_menu_add');
add_action("plugins_loaded", "dw_plugin_init");
add_action('admin_head','dwpage_restrict_adminhead');
add_filter('register', 'dwlogin_redirect');

?>
